Affects Version/s: PUP 3.8.7, PUP 4.5.2
Sprint:Client 2016-06-29, Client 2016-08-10
Release Notes:Bug Fix
Release Notes Summary:Puppet now correctly connects to Pypi when managing packages with pip
Pypi changed behaviour today because of vulnerabilities in urrlib, which
is used by pip.
Pypi changed to denying http requests entirely instead of redirecting to
https. (I guess? I don't really understand)
Without this patch:
root@derpderp:~# cat foo.pp
root@derpderp:~# puppet apply foo.pp
Warning: Setting templatedir is deprecated. See http://links.puppetlabs.com/env-settings-deprecations
(at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in `issue_deprecation_warning')
Notice: Compiled catalog for derpderp in environment production in 0.14 seconds
Error: Could not get latest version: HTTP-Error: 403 Must access using HTTPS instead of HTTP
Error: /Stage[main]/Main/Package[diskimage-builder]/ensure: change from 1.17.0 to latest failed: Could not get latest version: HTTP-Error: 403 Must access using HTTPS instead of HTTP
Notice: Finished catalog run in 0.67 seconds
So this breaks any puppet 3.x using the default pip provider.
With this patch, it just works.